问题
In my project I got to create users who are allowed to read only access to VOB. To accomplish this as per study and my understandings I have created different groups and directory wise I have changed root group to respective group. Example : Under VOB I have three directories dA, dB and dC I created 3 groups gA, gB and gC. Even after gving protecting directories by chmod 770 so that other groups could not do Checkin/Checkout - 1. Other groups users still could access directories. 2. And other groups are still able to do Checkin/Checkout.
Please do suggest on how I can restrict VOB components(directory basis) from checking ou/in by specified user in clearcase.
回答1:
ClearCase 7.x:
chmod on the vob storage itself isn't enough to prevent checkout/checkins modification operations: you need to consider the CLEARCASE_PRIMARY_GROUP environment variable used by each user.
If that group is not part of the primary group or secondary groups declared in the vob, they wouldn't be able to checkout/checkin.
See also "About ClearCase permissions on Windows".
As mentioned in this thread:
Unless user is a member of the element's group, he or she would not be able to make any changes (checkouts/check-ins). It can be used to grant read-only access to a VOB, when elements "world" rights are not revoked.
BTW, even when required group membership is not granted, it would not prevent user from creating metadata, such as branch or label types. Triggers would be required to restrict these operations.
This thread confirms:
you are stuck with a pre-op trigger on checkout.
Add the "read-only" users to the group and only allow users in a list (either in the trigger itself or as an attribute on the VOB) to perform checkouts.
ClearCase 8.x
CC8 introduces the notion of access control lists (ACLs), which simplify the security of your versioned object bases (VOBs).
See more with "Ensure effective administration and security in Rational ClearCase 8.0.1"
来源:https://stackoverflow.com/questions/27677191/restrict-vob-components-from-checking-ou-in